PrepAway - Latest Free Exam Questions & Answers

Which three steps are required to secure this environment?

After properly configuring multiple VLANs, an administrator has decided to secure its VLAN network. Which three steps are required to secure this environment? (Choose three)

A. If a port is connected to a foreign device, make sure to disable CDP, DTP, RPR, PAgP, UDLP, and any other unnecessary protocols, and enable UplinkFast/BPDU guard on it.

B. Disable all unused ports and place them in an unused VLAN to avoid unauthorized access.

C. Configure VTP domains appropriately or turn off VTP altogether to limit or prevent undesirable protocol interaction with regard to the network-wide VLAN configuration.

D. Enable the root guard feature to prevent a directly or indirectly connected STP-capable device from affecting the location of the root bridge.

E. Set the native VLAN ID to match the port VLAN ID of any 802.1q trunk to prevent spoofing.

Explanation:
To secure a switch network, VTP domains should be configured appropriately, or VTP should be turned off altogether. This limits or prevents possible undesirable protocol interaction with regard to the network-wide VLAN configuration.
For security, you should disable all unused ports and place them into an unused VLAN. That prevents unauthorized users from plugging in and sending traffic to a legitimate VLAN. If this unused VLAN differs from the native VLAN on any trunk, this also protects against a “VLAN hopping” exploit. You should also set unused access ports to trunking OFF, so they will reject any trunk-encapsulated frames.
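One way to check a saved switch configuration against the guidance above, as an added example that is not part of the original page. It assumes VLAN 999 is the unused VLAN and that unused ports carry `description UNUSED`; the configuration excerpt is constructed for illustration.

```python
PARKING_VLAN = "999"  # assumption: the site's unused "parking" VLAN
# Constructed config excerpt; "description UNUSED" is an assumed site convention.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/2
 description UNUSED
 switchport access vlan 999
 switchport mode access
 shutdown
!
interface GigabitEthernet0/3
 description UNUSED
 switchport access vlan 10
"""

def parse_interfaces(config):
    """Map each interface name to the list of lines in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def vlan_of(lines, prefix):  # IOS uses VLAN 1 when no explicit line is present
    return next((l.split()[-1] for l in lines if l.startswith(prefix)), "1")

def port_problems(lines):
    """List the ways one interface stanza departs from the guidance."""
    if "switchport mode trunk" in lines:
        clash = vlan_of(lines, "switchport trunk native vlan ") == PARKING_VLAN
        return ["trunk native VLAN equals the parking VLAN"] if clash else []
    if "description UNUSED" not in lines:
        return []
    checks = [("shutdown" in lines, "not shut down"),
              (vlan_of(lines, "switchport access vlan ") == PARKING_VLAN,
               "not in the parking VLAN"),
              ("switchport mode access" in lines, "trunking not forced off")]
    return [msg for ok, msg in checks if not ok]

def audit_unused_ports(config):
    """Return {interface: [problems]} for every stanza with a finding."""
    found = {n: port_problems(s) for n, s in parse_interfaces(config).items()}
    return {n: p for n, p in found.items() if p}
```

Calling `audit_unused_ports(SAMPLE_CONFIG)` reports the trunk whose native VLAN collides with the unused VLAN and the unused port that is still enabled, in a live VLAN, and able to negotiate trunking.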